* A significant amount of work has been put into GRUB2 in our [[Monotone Repository|monotone repository]], which also provides snapshots.

* A significant amount of work has been put into GRUB2 in our [[Monotone Repository|monotone repository]], which also provides snapshots.

* The mainline version of GRUB2 has a [http://grub.enbug.org/CoreBoot wiki page on the coreboot port].

* The mainline version of GRUB2 has a [http://grub.enbug.org/CoreBoot wiki page on the coreboot port].

−

* There is currently no significant work going on in our GRUB2 repository, not even synchronization to the upstream repository. If you require the additional features of our branch below, go ahead. Otherwise, upstream might serve you better. Or not. If you want to help out or report bugs for our branch, see

+

* There is currently no significant work going on in our GRUB2 repository, not even synchronization to the upstream repository. If you require the additional features of our branch below, go ahead. Otherwise, upstream might serve you better. Or not. If you want to help out or report bugs for our branch, see [[GRUB2#How_to_help_and_report_bugs|How to help and report bugs]]

== How to build GRUB2 as a payload ==

== How to build GRUB2 as a payload ==

Line 150:

Line 150:

For various reasons, [[User:RobertMillan|Robert Millan]] of the GRUB project did another original implementation, which got merged, so we moved our effort to their new code base and continued from there.

For various reasons, [[User:RobertMillan|Robert Millan]] of the GRUB project did another original implementation, which got merged, so we moved our effort to their new code base and continued from there.

Status

There is currently no significant work going on in our GRUB2 repository, not even synchronization to the upstream repository. If you require the additional features of our branch below, go ahead. Otherwise, upstream might serve you better. Or not. If you want to help out or report bugs for our branch, see How to help and report bugs

in the .usb branch, provides an uhci driver and usb storage support. highly experimental at this time

Building a diskimage

If you are using coreboot v2, the firmware image is not a LAR archive, as in coreboot v3. If you want to place files in the coreboot+grub2 image, you can still create a diskimage and include it in your payload.

create a lar/cpio/tar file (cpio must be gnu cpio. files created by other cpios might not be compatible)

add -m lar/cpio-file to your grub-mkimage command line

Per default GRUB2 looks for a configuration file grub.cfg in the disk image. The path is

(memdisk)/grub.cfg

Checking Signatures

Currently the tools for crypto signature verification are not built automatically. To build them, run

$ cd libs/sigtools
$ make

Using sigtools

Create a key pair filename.pub and filename.sec with

$ genkeypair filename

Create a signature of candidate using keyfile.sec and save it as candidate.sig:

$ gensig keyfile candidate

Verification in GRUB2

Load /key.pub as public key and block access to all unsigned files with

$ load-pubkey /key.pub

Verify foo using the signature foo.sig, reporting success or failure and grant access to the file foo with:

Hints and Tricks

Loading grub.cfg from disk

It is suggested that grub.cfg is contained in a memdisk/lar image. This grub.cfg can be used to load other configuration files from any mass storage media. If you want to load a grub.cfg from the first device that contains one, your in-flash grub.cfg can look like this: